
9138 matches found

Carbon Black Blog
added 2018/03/13 6:30 p.m., 35 views

Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...

6.5 AI score
Exploits: 0
OSV
added 2018/03/13 6:29 p.m., 6 views

PYSEC-2018-19

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...

9.8 CVSS, 7.1 AI score, 0.27065 EPSS
Exploits: 10, References: 18
Nmap
added 2018/03/10 7:23 a.m., 510 views

hostmap-crtsh NSE Script

Finds subdomains of a web server by querying Google's Certificate Transparency logs database. The script will run against any target that has a name, either specified on the command line or obtained via reverse-DNS. NSE implementation of ctfr.py by Sheila Berta. References:...

10 CVSS, 0.99448 EPSS
Exploits: 33
Tenable Nessus
added 2018/03/07 12:0 a.m., 20 views

Fedora 26 : python-crypto (2018-0c75cc72bc)

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

7.5 CVSS, 7.4 AI score, 0.0211 EPSS
Exploits: 1, References: 2
Prion
added 2018/03/05 3:29 p.m., 18 views

Design/Logic Flaw

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service relay crash because the KIST implementation allows a channel to be added more than once in the pending list...

5 CVSS, 7.3 AI score, 0.15591 EPSS
Exploits: 4, References: 4, Affected Software: 1
OSV
added 2018/03/05 3:29 p.m., 19 views

CVE-2018-0491

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service relay crash because the KIST implementation allows a channel to be added more than once in the pending list...

7.5 CVSS, 7.6 AI score
Exploits: 0, References: 4
OSV
added 2018/03/05 3:29 p.m., 3 views

UBUNTU-CVE-2018-0491

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service relay crash because the KIST implementation allows a channel to be added more than once in the pending list...

7.5 CVSS, 7.3 AI score, 0.15591 EPSS
Exploits: 4, References: 5
Cvelist
added 2018/03/05 3:0 p.m., 20 views

CVE-2018-0491

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service relay crash because the KIST implementation allows a channel to be added more than once in the pending list...

7.3 AI score, 0.15591 EPSS
Exploits: 4, References: 4
Cvelist
added 2018/03/05 3:0 p.m., 19 views

CVE-2018-0490

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service NULL pointer dereference and directory-authority crash via a misformatted rel...

7.2 AI score, 0.02733 EPSS
Exploits: 0, References: 3
AlpineLinux
added 2018/03/05 3:0 p.m., 35 views

CVE-2018-0491

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service relay crash because the KIST implementation allows a channel to be added more than once in the pending list...

7.5 CVSS, 7.3 AI score, 0.15591 EPSS
Exploits: 4
Tenable Nessus
added 2018/03/05 12:0 a.m., 33 views

Debian DSA-4127-1 : simplesamlphp - security update

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol.
- CVE-2017-12867: Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset.
- CVE-2017-12869: When using the...

9.8 CVSS, 7.4 AI score, 0.03111 EPSS
Exploits: 1, References: 23
HackRead
added 2018/03/01 5:44 p.m., 25 views

Hackers can compromise Memcached Servers for DDoS attacks

By Waqas. Unsecured Implementation of UDP Protocol Put Memcached Servers at Risk. This is a post from HackRead.com. Read the original post: Hackers can compromise Memcached Servers for DDoS attacks...

7 AI score
Exploits: 0
RedHat Linux
added 2018/03/01 7:51 a.m., 84 views

Moderate: Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update

An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...

7.5 CVSS, 6.7 AI score, 0.08885 EPSS
Exploits: 0, References: 3
OpenVAS
added 2018/03/01 12:0 a.m., 57 views

CentOS Update for java CESA-2018:0349 centos7

Check the version of java SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882845";...

8.3 CVSS, 7.2 AI score, 0.06905 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2018/02/28 12:0 a.m., 68 views

Arista Networks EOS tcp_input Challenge ACKs Shared Counter Disclosure (SA0023)

The version of Arista Networks EOS running on the remote device is affected by a flaw in the Linux kernel implementation within file net/ipv4/tcp_input.c due to a failure to properly determine the rate of challenge ACK segments. An unauthenticated, remote attacker can exploit this issue to access...

5.8 CVSS, 7 AI score, 0.15073 EPSS
Exploits: 3, References: 2
RedhatCVE
added 2018/02/27 1:49 p.m., 25 views

CVE-2017-18200

The f2fs implementation in the Linux kernel, before 4.14, mishandles reference counts associated with f2fs_wait_discard_bios calls. This allows local users to cause a denial of service BUG, as demonstrated by fstrim...

5.5 CVSS, 5.1 AI score, 0.00341 EPSS
Exploits: 0, References: 1
Prion
added 2018/02/26 3:29 p.m., 10 views

Code injection

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

4.3 CVSS, 5.8 AI score, 0.01045 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2018/02/26 3:0 p.m., 45 views

CVE-2018-5762

Unisys ClearPath MCP TCP/IP networking module TLS implementation is vulnerable to a Bleichenbacher RSA padding oracle (ROBOT) leading to possible decryption of TLS ciphertext. Affected versions are TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 (IC #17), and 60.0 before 60.044. The CNVD entr...

5.9 CVSS, 5.7 AI score, 0.01045 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/02/26 3:0 p.m., 20 views

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

5.7 AI score, 0.01045 EPSS
Exploits: 0, References: 1
Prion
added 2018/02/26 3:29 a.m., 17 views

Design/Logic Flaw

The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service BUG, as demonstrated by fstrim...

4.9 CVSS, 5.1 AI score, 0.00341 EPSS
Exploits: 0, References: 2, Affected Software: 1